Hi
I have this file in the WS_FTP Pro folder and only one AV seem to detect it as "malware". See the below analysis from jotti's site.
My question is
-Could this be a FP?
-What is modification of Win95.Werther.1224???
Only the good doctor has picked this up, hence my question.

Thanks for your response.
Cheers :)

Service load: 0% 100%

File: wsbho2k0.dll
Status: INFECTED/MALWARE
Packers detected: -

AntiVir No viruses found
Avast No viruses found
AVG Antivirus No viruses found
BitDefender No viruses found
ClamAV No viruses found
Dr.Web modification of Win95.Werther.1224
F-Prot Antivirus No viruses found
Fortinet No viruses found
Kaspersky Anti-Virus No viruses found
mks_vir No viruses found
NOD32 No viruses found
Norman Virus Control No viruses found

You can get an answer by send this file to vms@drweb.com
See details on http://support.drweb.com/sendnew/

in my experience it isnt a virus if kav says it isnt. best way to get a quick reply is (also in my opinion) to send it to newvirus@kaspersky.com - usually u get a reply within a couple of hours

Hi
To AndreyKa and tahoma
Thanks for your input...I took your advuce and sent the file off to both locations as you suggested. If I receive any replies, I will update this thread.
Your help is appreciated.
Cheers :)

You can contact stormbyte here at Wilders' and ask him the email for sending samples...

To anyone who maybe interessted.
I got a e-mail reply from Kav

"Hello. That is a false positive of Dr.Web antivirus."

So far, no response from Dr. Web, so I will assume that this file is ok, and the good doctor had a hiccup.

Thanks for your feedback.
Cheers :)

Does KAV test with Dr.Web or have relations with Dr.Web???

Maybe it can be called an FP b'coz it may contain virus code from Win95.Werther but it musta been modified so the file is harmless now. At least thats the way I figure it.